Technology & Security

It's AuditBoard's mission to improve the audit, risk, and ESG compliance posture of organizations.

Security & Compliance Programs

In order to protect our customers and their data, AuditBoard has adopted a formal information security management program that governs software development, infrastructure operation, administration, and delivery of the AuditBoard product application.

AuditBoard maintains an ISO 27001-certified information security program, along with an extensive control environment that is aligned with and regularly assessed against industry standard frameworks such as NIST 800-53, SSAE-18 SOC 2, Cloud Security Alliance STAR, and HIPAA. The AuditBoard application is hosted exclusively on cloud infrastructure that meets FedRAMP moderate impact compliance requirements.

To view our ISO 27001 certificate, CAIQ, SOC 2 report, and other security artifacts, please visit our Trust Center: https://trust.auditboard.com/

HIPAA Compliant
GDPR
NIST 800-53
AICPA SOC
ISO IEC 27001 Information Security Management Certified
CCM Cloud Controls Matrix

Cloud-Hosted SaaS

The AuditBoard platform is hosted on Amazon Web Services (AWS) cloud infrastructure.

  • Trusted

    AWS is the gold standard for thousands of companies worldwide that rely on its extensive and integrated native security controls.

  • Browser-Based Web Application

    All functionality is accessible from a web browser and any modern browser is compatible.

  • Redundancy

    Servers are replicated and load-balanced across data centers and regions.

  • Physical Security

    AWS data centers use biometric entry authentication and have 24/7 monitoring.

Access Controls

Configure granular access policies and role-based permissions.

  • Single Sign-On

    Use industry standard SAML 2.0 to integrate your corporate directory or identity providers such as Active Directory, OneLogin, Okta, and many others.

  • Strong Authentication

    Customize password strength requirements, password reuse policies, and failed login attempt limits.

  • Two-Factor Authentication

    Require users to authenticate with phone-based one-time passwords (OTP) as a second factor.

  • IP Restrictions

    Limit what networks can access the AuditBoard application.

  • Precise Authorization

    Use out-of-the-box role-based permissions or create custom roles to restrict what can be viewed and edited — down to the field level.

Data Protection

All customer data is encrypted at rest and in transit.

  • Transport Encryption

    Strong end-to-end TLS 1.2 encryption protects customer data wherever it is transferred.

  • Storage Encryption

    All customer files, databases, and backups are encrypted with AES-256 before being written to permanent disk storage.

  • Data Integrity

    Your data is protected from loss, manipulation, or corruption by cryptographic hashing controls that enforce versioning and provide secure transactional capabilities.

  • Secure Deletion

    NIST-compliant data sanitization procedures are employed to securely delete data that has reached the end of its useful life.

Comprehensive Audit Trails

Visibility and monitoring at all levels.

  • Strictly Monitored

    All platform components are closely monitored to ensure performance, availability, and security.

  • Audit Logs

    Every data change made in the system is recorded against the authenticated user.

  • Login History

    Every successful or failed attempt to access your AuditBoard instance is recorded and viewable.

  • Slack
  • Google Drive
  • Lucidchart
  • Microsoft Office
  • Microsoft Visio

Integrate the Solutions You Depend on Most

Leverage the industry’s most modern platform and extensible integration layer to connect with the other applications your organization uses. Whether you use one of our pre-built integrations or our flexible API, the possibilities are endless.

Software Security

AuditBoard software is developed in accordance with the highest security standards.

  • Continuous Software Updates

    Product upgrades that contain new security enhancements as well as the latest software updates are automatically applied.

  • Extensively Tested

    All product updates undergo strict quality and security assurance testing before being made available for release.

  • Third-Party Verified

    AuditBoard platform security is regularly assessed by third-party penetration testers and security assessors.

  • Third-Party Vulnerability Disclosures

    AuditBoard is committed to protecting its customers and will promptly evaluate and address any reported vulnerabilities.

    We accept third-party disclosures in good faith and without penalty. You are welcome to submit any findings to vulnerability-disclosure@auditboard.com for review by the appropriate team.

Resiliency and Availability

Architected for high availability so your data is always there when you need it.

  • Real-Time Backups

    Continuous, real-time backups allow for data recovery at 1-second granularity.

  • Daily Backups

    Encrypted full database backups are made daily and stored in encrypted, redundant, and versioned S3 storage.

  • Resiliency and Redundancy

    Uptime is guaranteed by built-in redundancies at the regional, datacenter, hardware, container, and data levels.

  • Export Everything

    All data and files in AuditBoard can be exported in common formats such as CSV.